The hash marks usually are the results of viruses, worms and other automatic programs attempting to access your server. I assume you went in as root and did a locate for test.gif? If not, do it. And check your PHP temp directory.
In the meantime get your self a copy of LogWatch and install it. This will notify you at regular intervals of any activity on your server.
Thanks. I didn't know bots can actually interact with a php form, such as select a file and upload it by pressing submit? I thought they usually only manipulate URLs by adding commands to the end of them.